GHSA-j5qj-rg5j-j7c2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-j5qj-rg5j-j7c2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-j5qj-rg5j-j7c2/GHSA-j5qj-rg5j-j7c2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-j5qj-rg5j-j7c2
- Aliases
- Published
- 2025-03-20T12:32:52Z
- Modified
- 2025-03-22T01:18:56.793338Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Aim Uncontrolled Resource Consumption vulnerability
- Details
-
In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.
- Database specific
{ "nvd_published_at": "2025-03-20T10:15:51Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-03-22T00:33:44Z" }- References
Affected packages
PyPI / aim
Package
- Name
- aim
- View open source insights on deps.dev
- Purl
- pkg:pypi/aim
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.25.0
Affected versions
2.*
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4.0
3.4.1
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.1
3.6.2
3.6.3
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.8.0
3.8.1
3.9.0a1
3.9.0a14
3.9.2
3.9.3
3.9.4
3.10.0.dev9
3.10.0
3.10.1
3.10.2
3.10.3
3.11.0.dev4
3.11.0
3.11.1.dev1
3.11.1
3.11.2
3.12.0.dev2
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.1
3.15.2
3.16.0
3.16.1
3.16.2
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5rc1
3.17.5rc2
3.17.5rc3
3.17.5rc4
3.17.5
3.18.0.dev2
3.18.0.dev3
3.18.0.dev4
3.18.0.dev5
3.18.0
3.18.1
3.19.0
3.19.1
3.19.2
3.19.3
3.20.1
3.21.0
3.22.0
3.23.0
3.24.0
3.25.0